CVE-2023-34246

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-34246
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-34246.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-34246
Aliases
Related
Published
2023-06-12T17:15:09Z
Modified
2024-12-09T04:45:37.928208Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.

References

Affected packages

Debian:11 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.0-2+deb11u1

Affected versions

5.*

5.3.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.5.0-2
5.6.6-1
5.6.6-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-doorkeeper

Package

Name
ruby-doorkeeper
Purl
pkg:deb/debian/ruby-doorkeeper?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.6.6-2

Affected versions

5.*

5.5.0-2
5.6.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/doorkeeper-gem/doorkeeper

Affected ranges

Type
GIT
Repo
https://github.com/doorkeeper-gem/doorkeeper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v.*

v.5.3.0

v0.*

v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.2
v0.4.0
v0.5.0.rc1
v0.6.0
v0.6.0.rc1
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.6.6
v0.6.7
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.4

v1.*

v1.0.0
v1.0.0.rc1
v1.0.0.rc2
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.4.0

v2.*

v2.0.0
v2.0.0.alpha1
v2.0.0.rc1
v2.0.0.rc2
v2.0.0.rc3
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.2.0
v2.2.1

v3.*

v3.0.0
v3.0.0.rc1
v3.0.0.rc2
v3.0.1
v3.1.0

v4.*

v4.0.0
v4.0.0.rc1
v4.0.0.rc2
v4.0.0.rc3
v4.0.0.rc4
v4.1.0
v4.2.0
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2

v5.*

v5.0.0
v5.0.0.rc1
v5.0.0.rc2
v5.0.1
v5.0.2
v5.1.0
v5.1.0.rc1
v5.1.0.rc2
v5.2.0
v5.2.0.rc2
v5.2.0.rc3
v5.2.1
v5.2.2
v5.2.3
v5.4.0
v5.4.0.rc1
v5.4.0.rc2
v5.5.0
v5.5.0.rc1
v5.5.0.rc2
v5.5.1
v5.5.2
v5.5.3
v5.5.4
v5.6.0
v5.6.0.rc1
v5.6.1
v5.6.2
v5.6.3
v5.6.4
v5.6.5